Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)
From: Ron DuFresne (dufresne_at_winternet.com)
To: Paul Schmehl <email@example.com> Date: Mon, 28 Jul 2003 00:57:29 -0500 (CDT)
> > "Ron, you are just as clueless as you were when Slammer hit."
> > Way to add value there, Bravo!
> It's at least as valuable as your rant about no excuses. Ron comes from
> the same place you do and refuses to see the other side of the issue,
> much like you. No point in rehashing it with him.
<chuckle> no, now let's be fair, I think mine has altered some. Slammer
time around I pushed the "why wasn't it already patched" point. Then it
was pointed out in a few other lists how many backflips and side to side
installs could reinstall a vulnerable set of code making knowing how to
get patches installed and when to reinstall, let alone keep track of the
mess was so overwhelming for these folks, that now I just say, "mitigate
as much as possible at the gateways and servers", at the least, to give
these guys time to sort out the mess of patching and repatching they are
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Full-Disclosure - We believe in it.